eaphammer: review dependencies

[D3vil0p3r]

On eaphammer several dependencies are specified like:

depends=('python' 'python-argparse' 'python-tqdm' 'dnsmasq' 'libnfnetlink'
         'libnl' 'openssl' 'python-pem' 'python-pyopenssl' 'apache' 'libpcap'
         'curl' 'scapy' 'responder' 'hcxtools' 'hcxdumptool' 'python-flask'
         'python-flask-cors' 'python-flask-socketio' 'python-pywebcopy')

while the upstream repository dep file has:

apache
curl
dnsmasq
libnfnetlink
libnl
libpcap
openssl
zlib

and this file:

python-beautifulsoup4
python-flask-cors
python-flask-socketio
python-gevent
python-lxml
python-pem
python-pyopenssl
python-pyquery
python-pywebcopy
python-requests-html
python-scapy
python-tqdm
jinja2 (?)

[noraj]

Then what is the question?

Only python-argparse, responder, hcxtools, hcxdumptool are not listed there.

responder, hcxtools, hcxdumptool are system dependencies and even if there are not listed on the file you mentioned, there are used in the code: https://github.com/search?q=repo%3As0lst1c3%2Feaphammer%20hcxtools&type=code

In fact some tools are included in the source (in the thirdparty folder) and compiled locally: https://github.com/s0lst1c3/eaphammer/blob/ae329a47f1c8ef754e9fe517cee3f722e17dc574/kali-setup#L44-L50, https://github.com/s0lst1c3/eaphammer/blob/ae329a47f1c8ef754e9fe517cee3f722e17dc574/thirdparty/hcxtools/README.md. But why would we compile them from this as they are just a local copy of the original projects that already are packaged in AL/BA?

This leaves python-argparse, but if you had searched into the project, you would have seen it is required: https://github.com/search?q=repo%3As0lst1c3%2Feaphammer%20argparse&type=code. If you want you can PR upstream to add the missing dependency in pip.req file.

Some I don't see any issue with the dependencies in the PKGBUILD. What is the question?

[D3vil0p3r]

You answered to my hidden question. I needed to understand if the PKGBUILD had unneeded deps.

Furthermore, argparse is not part of Python standard library? So, there is no need to specify python-argparse in PKGBUILD.

[noraj]

Furthermore, argparse is not part of Python standard library? So, there is no need to specify python-argparse in PKGBUILD.

Yes it can be removed, it was there for before Python 3.2 (https://pypi.org/project/argparse/).

[D3vil0p3r]

What is the jinja2 package for Arch?

[noraj]

What is the jinja2 package for Arch?

You can look at pypi to see the version and upstream URL of jinja 2 then compare with what you see in AL repositories.

On Pypi: https://pypi.org/search/?q=jinja2

• jinja (or so called jinja 1): https://pypi.org/project/Jinja/, last version is 1.2 from 2017
• jinja2 (or so called jinja 2): https://pypi.org/project/Jinja2/, last version is 3.1.4 from may 2024
  • the pypi package declares a website at https://jinja.palletsprojects.com/ and a source at https://github.com/pallets/jinja/

On AL: https://archlinux.org/packages/?sort=&q=jinja&maintainer=&flagged=

• python-jinja: https://archlinux.org/packages/extra/any/python-jinja/
  • version is 3.1.4, last updated in june 2024
  • If you look at the PKGBUILD source, upstream website declared is https://palletsprojects.com/p/jinja/ and source is https://github.com/pallets/jinja

With all those elements you can conclude that AL PKGBUILD python-jinja IS pypi package Jinja2.

I took 10 minutes to write this lengthy explanation so now you can check this kind of dependencies by yourself. "Give a Man a Fish, and You Feed Him for a Day. Teach a Man To Fish, and You Feed Him for a Lifetime".

[faerietree]

Let’s not forget to close this @D3vil0p3r

[D3vil0p3r]

@noraj can you reopen this? I will deal with it in 2 weeks. Currently I'm outside.

[D3vil0p3r]

FYI: I created a PR for eaphammer in the upstream repository to add Python 3.12 support: https://github.com/s0lst1c3/eaphammer/pull/221

On the source code I don't see any reference to the following Python deps:

pyquery
jinja2